dns exploit

Brian Keefer chort at smtps.net
Sat Jul 26 06:02:01 UTC 2008


On Jul 25, 2008, at 10:43 PM, Chris Buxton wrote:

> That sure seems like a lot of work when you could just:
>
> dig porttest.dns-oarc.net txt +short @server-ip
>
> For example:
>
> $ dig porttest.dns-oarc.net txt +short @217.151.171.7
> z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> "217.151.171.7 is GOOD: 26 queries in 3.9 seconds from 26 ports with
> std dev 19886.66"
>
> Notice the word "GOOD" in the output. Also notice the standard
> deviation shown at the end - you want 5 digits before the decimal  
> point.
>
> Chris Buxton
> Professional Services
> Men & Mice

Trust me, I'm not trying to say this way is better, I'm just saying  
if you're going to use noclicky, make sure it's giving you the right  
results.  Most people using noclicky probably already found the  
problem and fixed it on their own, but I just wanted to get the  
correction publicized for those who might be relying on it without  
understanding it.  It seems a bit more polite to the author than to  
simply say "don't use that, it's broken".  *shrug*

Also, I noticed that doxpara/noclicky have different results for my  
nameservers than porttest.dns-oarc.net has.  doxpara says I fail,  
dns-oarc.net says I pass. Looking at a tcpdump I see that the queries  
indeed use the same port for doxpara, but different ports for  
dns-oarc.  I haven't had a chance to look closely enough yet to figure  
out why that is.



Brian Keefer
Sr. Systems Engineer
www.Proofpoint.com
"Defend email.  Protect data."
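
An added example, not part of either message and not code from DNS-OARC or doxpara: a Python parser for the porttest TXT summary in the format quoted above, applying the two checks Chris describes, plus a helper that summarises source ports read off a capture such as the tcpdump Brian mentions. The function names, the reading of "5 digits before the decimal point" as a value of at least 10000, and the use of sample standard deviation are assumptions.

```python
import re
import statistics

# Summary line format as quoted in the message above (dig wraps it in quotes).
PORTTEST_RE = re.compile(
    r"(?P<ip>\S+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in "
    r"(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports "
    r"with std dev (?P<stddev>\d+(?:\.\d+)?)"
)

def parse_porttest(txt):
    """Parse the TXT summary; tolerates quotes and line wrapping."""
    flat = " ".join(txt.replace('"', " ").split())
    m = PORTTEST_RE.search(flat)
    if m is None:
        raise ValueError("not a porttest summary: %r" % flat)
    return {
        "ip": m["ip"],
        "rating": m["rating"],
        "queries": int(m["queries"]),
        "ports": int(m["ports"]),
        "stddev": float(m["stddev"]),
    }

def passes(result):
    """The two checks from the quoted message: the word GOOD, and a
    standard deviation with five digits before the decimal point
    (read here as >= 10000, an assumption)."""
    return result["rating"] == "GOOD" and result["stddev"] >= 10000

def port_spread(src_ports):
    """Distinct-port count and sample std dev for source ports read off
    a capture. Sample (n-1) std dev is an assumption about the tester."""
    spread = statistics.stdev(src_ports) if len(src_ports) > 1 else 0.0
    return len(set(src_ports)), spread

if __name__ == "__main__":
    # Output quoted in the message above, with the mail wrap kept.
    quoted = ('"217.151.171.7 is GOOD: 26 queries in 3.9 seconds from 26 ports with\n'
              'std dev 19886.66"')
    print(parse_porttest(quoted), passes(parse_porttest(quoted)))
    # Constructed: 26 queries all leaving from one fixed source port.
    print(port_spread([32768] * 26))
```

A resolver whose queries all leave from one port, as in the doxpara capture described above, shows up here as one distinct port and a standard deviation of zero.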

